Cyber Resilience

CVE-2023-27826

HighPublic PoCRCE

Published: 12 April 2023

Published
12 April 2023
Modified
08 February 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1730 95.2th percentile
Risk Priority 28 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-27826 is a high-severity OS Command Injection (CWE-78) vulnerability in Seowonintech Swc-5100W Firmware. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 4.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

SeowonIntech SWC 5100W WIMAX Bootloader versions 1.18.19.0 with hardware 0.0.7.0 and firmware 1.11.0.1 or 1.9.9.4 contain an OS command injection vulnerability tracked as CVE-2023-27826. The flaw stems from improper handling within the doSystem() function and is classified under CWE-78, enabling unauthenticated or low-privileged remote attackers to execute arbitrary operating system commands. It carries a CVSS 3.1 score of 8.8 reflecting network attack vector, low complexity, and full confidentiality, integrity, and availability impact.

An attacker with network access and valid low-privileged credentials can supply crafted input that abuses doSystem() to run commands as root, resulting in complete system takeover. Public exploit code has been posted to Exploit-DB and Pastebin, confirming the issue is reproducible against the listed bootloader and firmware revisions.

The EPSS score for this CVE rose from a low baseline to a recorded peak of 0.2351 with a current value of 0.1730, indicating measurable post-disclosure exploitation interest. No vendor advisory or patch information appears in the referenced materials, which consist primarily of device manuals and exploit artifacts.

EU & UK References

Vulnerability details

SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

seowonintech
swc-5100w firmware
1.11.0.1, 1.9.9.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References